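<#
.SYNOPSIS
    This script is used to send a message to users of an organisation that their password will
    expire in the near future.
.DESCRIPTION
    Within this script you can specify when the first warning is sent and from how many remaining
    days onwards there will be a daily email. If you set $STR_FirstReminder and $STR_DailyReminders
    equal to each other, the users will receive the daily email reminders only.
    Also change the function SendMailv2 so that it can be used in your specific case.
    This script needs to be put in the same folder as the account-expiration-template.htm file;
    please change that template according to your (company's) needs.
.NOTES
    Author: D.de Kooker - info@dcomputers.nl
    Version: 1.1

    DISCLAIMER: Use scripts at your own risk, if there is anything I can help you with I will try
    but I do not take responsibility for the way that anyone else uses my scripts.
    Sharing is caring. Share your knowledge with the world so that everybody can learn from it.
.LINK
    The latest version can always be found on my GIT page on the link below:
    https://gittea.dannydekooker.nl/Dcomp/PUB-PowershellScripts
.COMPONENT
    In order to run this script you will need the ActiveDirectory PowerShell module, and in order
    to send email you will need a working SMTP server.
#>

#region Global script settings and variables
$STR_SMTPServer = ""
$STR_SMTPServerPort = ""
$STR_SMTPUsername = ""
# NOTE(security): this password is stored in clear text in the script file. Restrict read access
# to the script to the account that runs it, or load the secret from a protected store instead.
$STR_SMTPPassword = ""
# NOTE(review): this value has no address part. System.Net.Mail needs a parseable sender such as
# "Display Name <address@example.com>" (placeholder); confirm the intended sender address.
$STR_SMTPFromaddress = "Servicedesk ICT "
$STR_AdminEmail = "servicedesk@contoso.com,systemengineer1@contoso.com" # Comma-separated list of admin email addresses
$STR_DateFormat = "dd-MM-yyyy"
$STR_Date = Get-Date -Format $STR_DateFormat
$STR_Domain = "" # This is placed in the email title
# Search base(s) to scan. A distinguished name contains commas itself, so several search bases
# cannot be given as one comma-separated string; use an array of DN strings for more than one.
$STR_OUSearchBase = "OU=Users,DC=CONTOSO,DC=COM"
$STR_LogfileLocation = "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\Logs"
$STR_Logfile = "$STR_LogfileLocation\$STR_Date.log"
$STR_LogfileNOemail = "$STR_LogfileLocation\$STR_Date-noemail.log"
$STR_FirstReminder = "14" # Days before expiry on which the first reminder is sent to the user.
$STR_DailyReminders = "7" # From this many days before expiry onwards the user gets a daily reminder.
#endregion

#region Functions
# Sends one HTML mail through the configured SMTP server.
#   $To      - recipient address (a comma-separated list is passed for the admin report)
#   $Subject - subject line
#   $Body    - message body, sent with IsBodyHTML = $true
# Reads the $STR_SMTP* settings defined above. An exception raised by Send() is not handled here,
# so the caller can tell a failed delivery from a successful one.
function SendMailv2 ($To,$Subject,$Body){
    $SMTPClient = New-Object Net.Mail.SmtpClient($STR_SMTPServer, $STR_SMTPServerPort)
    # NOTE(security): with EnableSsl left off, the credentials below and the message content are
    # sent to the SMTP server without transport encryption. Enable it when the relay supports TLS.
    # $SMTPClient.EnableSsl = $true
    $SMTPClient.Credentials = New-Object System.Net.NetworkCredential($STR_SMTPUsername, $STR_SMTPPassword);
    $SMTPMessage = New-Object System.Net.Mail.MailMessage($STR_SMTPFromaddress,$To,$Subject,$Body)
    try {
        $SMTPMessage.IsBodyHTML = $true
        $SMTPClient.Send($SMTPMessage)
    }
    finally {
        # Release the message and the SMTP connection even when Send() throws.
        $SMTPMessage.Dispose()
        $SMTPClient.Dispose()
    }
}
#endregion

#region prerequisites
# Check if folders exist or create them
if (!(Test-Path $STR_LogfileLocation)) {mkdir $STR_LogfileLocation}
#endregion

#region script
# Collect all users and the attributes we need
foreach ($SearchBase in $STR_OUSearchBase) {
    $QRY_ADUsers = Get-ADUser -SearchBase $SearchBase -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false } -Properties 'msDS-UserPasswordExpiryTimeComputed', 'mail'

    # Process every user returned by the query above
    foreach ($User in $QRY_ADUsers) {
        # FromFileTime throws when the attribute holds a value outside the DateTime range. Without
        # this guard the script would carry on with the previous user's expiry date still in
        # $STR_ExpireDate and could remind or log the wrong date for this account.
        try {
            $STR_ExpireDate = [datetime]::FromFileTime( $User.'msDS-UserPasswordExpiryTimeComputed' )
        }
        catch {
            Write-Warning "Skipping $($User.SamAccountName): password expiry time could not be converted to a date."
            continue
        }
        $STR_ExpireDate_String = $STR_ExpireDate.ToString($STR_DateFormat)

        # Calculate the whole days remaining until expiry
        $VAR_DaysRemaining = New-TimeSpan -Start $(Get-Date) -End $STR_ExpireDate
        $VAR_DaysRemaining = $VAR_DaysRemaining.Days

        # Collect user information into variables (these names are available to the mail template)
        $VAR_User_Name = $User.GivenName
        $VAR_User_Email = $User.mail
        $VAR_User_Account = $User.SamAccountName

        # Log every user that has no mail attribute; this file is mailed to the admins below
        if ($null -eq $VAR_User_Email){
            "Wachtwoord van $VAR_User_Name ($VAR_User_Account), Verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String, Geen email adress gevonden!
" >> $STR_LogfileNOemail
        }

        # Send email message if the password is expiring. PowerShell gives -and and -or equal
        # precedence and evaluates left to right; the parentheses spell that grouping out.
        if ((($VAR_DaysRemaining -eq $STR_FirstReminder) -or ($VAR_DaysRemaining -le $STR_DailyReminders)) -and ($null -ne $VAR_User_Email) -and ($VAR_DaysRemaining -ge 0)) {
            $VAR_Subject = "Uw $STR_Domain wachtwoord verloopt over $VAR_DaysRemaining dagen"
            $INP_Body = Get-Content "$($MyInvocation.MyCommand.Path | Split-Path -Parent)\account-expiration-template.htm" -Raw
            # NOTE(security): Invoke-Expression evaluates the template file as PowerShell, so the
            # template runs with the privileges of the account executing this script. Keep write
            # access to the template and the script folder limited to administrators, and consider
            # replacing this with explicit placeholder substitution. Directory values expanded
            # into the template are also not HTML-encoded.
            Invoke-Expression "`$VAR_Body = `@""`n`r$INP_Body`n`r""`@"
            try {
                SendMailv2 -To $VAR_User_Email -Subject $VAR_Subject -Body $VAR_Body
                # Only record the mail as sent once Send() has returned without an error, and only
                # for users who were actually mailed, so the log can be used as an audit trail.
                "Email verstuurd naar:$VAR_User_Email, het wachtwoord verloopt over: $VAR_DaysRemaining dagen, op: $STR_ExpireDate_String" >> $STR_Logfile
            }
            catch {
                Write-Warning "Sending the reminder to $VAR_User_Email failed: $($_.Exception.Message)"
            }
        }
    }
}

# Send mail message to administrators listing the accounts without an email address
if (Test-Path $STR_LogfileNOemail -PathType Leaf) {
    $VAR_Subject = "ERROR: Accounts op $STR_Domain gevonden waarbij het wachtwoord verloopt zonder email!"
    # The body is sent as HTML: encode each log line (it contains directory-sourced names) and
    # join the lines explicitly instead of relying on implicit array-to-string conversion.
    $VAR_Body = (Get-Content $STR_LogfileNOemail | ForEach-Object { [System.Net.WebUtility]::HtmlEncode($_) }) -join "<br>`r`n"
    SendMailv2 -To $STR_AdminEmail -Subject $VAR_Subject -Body $VAR_Body
}
#endregion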